Quote:
Originally Posted by dcortez
Thanks for that.
I'm actually inclined to use Basic Authentication, and I just needed some assurances that it has not been totally abandoned for security limitations.
Then, there's the issue of which encryption scheme to use...
 |
It has not been abandoned, and there are no security issues with it other then that it doesn't natively offer any protection against bruteforce. If you are using Apache 2.4, then the algo you want to use to generate the passwords is bcrypt. None of the algos are INSECURE in practice. Google cracked SHA1 but a single phrase would apparently take a single GPU 110 years to crack so in practice no one is really gonna get through it. The only really insecure hash is unsalted MD5 because it can be reversed using rainbow tables.